PGP Flaw Affects Microsoft Outlook
Flaw in popular Desktop Security plug-in may affect users of Microsoft's Outlook mail client.Security researchers have found a vulnerability in several versions of the popular PGP Desktop Security plug-in for Outlook that gives a remote attacker the ability to execute code on vulnerable PCs. The problem lies in the softwares message decoding functionality, which can be manipulated by an attacker sending a specially formatted e-mail message, resulting in an overwrite of a portion of the heap structure. A successful exploitation of the flaw could result in compromise of the victims machine and any PGP-encrypted communications, according to a bulletin released by eEye Digital Security Inc., which discovered the flaw. The vulnerability affects versions 7.0.3 and 7.0.4 of the PGP Desktop Security plug-in and version 7.0.3 of the PGP freeware.
The flaw is not in the encryption scheme used by the PGP software but instead lies in the small piece of client software that users of Microsoft Corp.s popular Outlook mail client must use in conjunction with PGP.